THOUSANDS of villa rental clients are facing a holiday nightmare after a major booking site was attacked by fraudsters using ‘phishing’ techniques on clients.
Conmen have potentially left tens of thousands of tourists without a place to stay in Spain after hacking into the emails of holiday homeowners, via rental site Owners Direct.com.
By diverting enquiries, scammers are able to masquerade as the owner in order to get booking fees paid into their own bank accounts.
Owners Direct, launched in 1997, works like an online travel brochure along with sister site Homeaway, receiving more than 53 million requests each month in total.
The average client pays around €500 to the site to be advertised alongside thousands of properties, from cheap and cheerful apartments to luxury villas and fincas.
Last year alone, an estimated 5,000 holidaymakers lost millions from this one site when they discovered their rental homes in Spain, France and other European countries had not been booked.
Meanwhile, the homeowners themselves have also lost vital income from the scam due to losing most of their genuine requests.
“I am furious that Owners Direct accepts no responsibility for the scam,” said Gabriella Chidgey who runs stunning www.alcantarilla.co.uk, a rural farmhouse, near Ronda.
“It’s the second time it’s happened in under a year and you only realise it’s occurred when you get a drop in enquiries… or in our case when, luckily, a potential client about to pay the deposit called up to double check the bank details.”
She explained that the fraudsters are so good at covering their tracks they even send bogus enquiries to allay suspicions, but the names and phone numbers given turn out to be non-existent.
Chidgey, 44, added that Owners Direct refuses to take responsibility or offer any refund.
“They promise to get back in three days if there any problems… But I haven’t heard anything in over three weeks and after three emails and two expensive phone calls to London.
“We have lost thousands this year; it’s fair to say we are cancelling our account.”
Another victim, British expat Peter McLeod who owns Finca La Guzmana, also near Ronda, has lost a series of bookings to the Owners Direct scam.
The former policeman criticised the company for allowing mass fraud to take place through its sites.
It is just as bad for the holidaymakers.
One young family from London, the Macdonalds, found themselves stranded in Marbella after paying €2,000 to rent a villa for ten days, only to discover they had been tricked.
The owner and keys were nowhere to be seen, while its website was also down.
Another British holidaymaker, Jillian Roberts was scammed out of the €4,500 that she paid for a family villa, also in Marbella, after contacting the person she assumed to be the owner through Owners Direct.
Campaigners calling for tighter security say the sites should privately hold all email addresses within their internal systems, instead of giving them out to owners.
The founder of an action group previously said: “They must take action and address the security loophole; change the email domain for renters’ enquiries and change the communication workflow between property owners and renters.”
An Owners Direct spokesman told the Olive Press: “We are sorry to hear about these owner and traveller experiences.
“As a company, our goal is to create the most secure marketplace for holiday rentals, but like any online business, we cannot always be 100% immune from issues.
“Phishing is the most common and sophisticated form of online identity theft and we are constantly innovating to tackle it. For example we have recently upgraded the Owners Direct platform to make it easier for travellers to pay via online payments, which is the most secure way to book a rental property and automatically covers you against internet fraud up to £10,000.”
How the scam works
SCAMMERS access people’s accounts via what is known as ‘phishing’.
This involves sending bogus email enquiries to owners in order to glean vital information.
The most common way is to send a fake enquiry with a click-through link to their email sign-in page.
In reality, this is a fake page, and if the owner logs in, the fraudster is also in and can begin intercepting enquiries.
They pose as the owner, deleting emails to cover their tracks, while the real owner remains oblivious.
After sending fake contracts and details, the scammer finally asks for money to be paid into their own bank account. Thousands have lost out.